// SPDX-License-Identifier: Apache-2.0
// Copyright Authors of Cilium

package api

import (
	"context"
	"fmt"
	"net/netip"

	"github.com/cilium/cilium/pkg/ip"
	"github.com/cilium/cilium/pkg/lock"
)

const (
	AWSProvider = "AWS" // Key under which the AWS integration registers its GroupProviderFunc.
)

var (
	// providers maps a provider key (such as AWSProvider) to the callback
	// that resolves that provider's group selectors into addresses.
	providers lock.Map[string, GroupProviderFunc]
)

// GroupProviderFunc is the callback a provider registers through
// RegisterToGroupsProvider. It receives the Groups value of a rule and
// returns the addresses those selectors currently match. The returned
// addresses are turned into CIDRRules by Groups.GetCidrSet, so the
// callback is trusted to return only addresses that belong to the
// selected group.
type GroupProviderFunc func(context.Context, *Groups) ([]netip.Addr, error)

// Groups holds the per-integration selectors of a ToGroups rule. Each
// integration present here needs its own derivative policy generated from
// the addresses its provider resolves.
type Groups struct {
	AWS *AWSGroup `json:"aws,omitempty"`
}

// AWSGroup carries the selectors for the AWS integration: labels, security
// group IDs or names, and a region. Which combinations of these fields are
// honoured is decided by the registered AWS callback, not here.
type AWSGroup struct {
	Labels              map[string]string `json:"labels,omitempty"`
	SecurityGroupsIds   []string          `json:"securityGroupsIds,omitempty"`
	SecurityGroupsNames []string          `json:"securityGroupsNames,omitempty"`
	Region              string            `json:"region,omitempty"`
}

// RegisterToGroupsProvider registers the callback that GetCidrSet invokes
// for providerName when a ToGroups rule for that provider is evaluated.
// NOTE(review): a second Store for the same providerName presumably
// replaces the earlier callback — confirm against lock.Map semantics.
func RegisterToGroupsProvider(providerName string, callback GroupProviderFunc) {
	providers.Store(providerName, callback)
}

// GetCidrSet returns the CIDRRules for the rule by invoking the provider
// callbacks registered in the platform. An unregistered provider or a
// failing callback yields an error and no partial rule set.
func (group *Groups) GetCidrSet(ctx context.Context) ([]CIDRRule, error) {
	if group.AWS == nil {
		// No integration selected: the rule resolves from an empty address
		// list, exactly as if no provider had contributed anything.
		return addrsToCIDRRules(ip.KeepUniqueAddrs(nil)), nil
	}

	// The provider's output becomes policy, so a missing registration is an
	// error rather than a silently empty result.
	resolve, registered := providers.Load(AWSProvider)
	if !registered {
		return nil, fmt.Errorf("Provider %s is not registered", AWSProvider)
	}

	// A failing callback likewise returns an error and no reduced address
	// set; the caller decides how to handle an unresolvable rule.
	awsAddrs, err := resolve(ctx, group)
	if err != nil {
		return nil, fmt.Errorf(
			"Cannot retrieve data from %s provider: %w",
			AWSProvider, err)
	}

	// Collect into a fresh slice (nil when the provider returned nothing)
	// and drop duplicates before building the CIDRRules.
	var collected []netip.Addr
	collected = append(collected, awsAddrs...)
	unique := ip.KeepUniqueAddrs(collected)
	return addrsToCIDRRules(unique), nil
}